Insecurity in Information Technology - USENIX Enigma Edition
TRANSCRIPT
Insecurity in Information Technology
Tanya [email protected]
OWASP Ottawa Chapter Leader
OWASP DevSlop Project Leader
@SheHacksPurple
All of this creates the feeling of insecurity about people’s jobs and how to do them well.
This leads to predictably negative behaviour.
Deviant Behaviour
Moral Disengagement
Reduced Job Involvement
Risk Taking Behaviour
Reduction of Organizational Citizenship Behavior
(positive workplace activity and involvement)
All of this negative behavior leads to insecure software.
The Plan:
1. Support dev and sec team with processes, training, and resources so they can confidently get the job done.
2. Initiate and then maintain culture change.
Start Security Earlier!
Requirements → Design → Code → Testing → Release
Push Left!
Break security testing into smaller pieces
Job Shadowing
Give Developers Security Tools!
OWASP: Your new BFF!!!
The Open Web Application Security Project
In Summary:
1. Support dev and sec team with processes, training, and resources so they can confidently get the job done.
2. Initiate and then maintain culture change.
ANY QUESTIONS?